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TO THE COMMISSIONER FOR PATENTS: 

A. Transmittal 

Transmitted herewith is a "Response and Request for Reconsideration" in the above- 
identified application. No additional claim fee is required. 

B. Petition for Extension of Time 

Applicant respectfully requests that the shortened statutory period for response to the 
outstanding Office Action dated February 15, 2005, set to expire on May 15, 2005, be extended 
by two months to expire on July 15, 2005. 

Enclosed is our Check No. /^^9C>'3 in the amount of: 

$120 (one month) $1020 (three months) 

X $450 (two months) $1590 (four months) 
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C. Additional Fee Charges or Credit for Overpayment 

The Commissioner is hereby authorized to charge any fees under 37 C.F.R. §§ 1.16, 1.17 
and 1.18 which may be required during the entire pendency of the appUcation, or credit any 
overpayment, to Deposit Accoxmt No. 03-1740. This authorization also hereby includes a request 
for any extensions of time of the appropriate length required upon the filing of any reply during 
the entire prosecution of this application. A copy of this sheet is enclosed . 

Respectfully submitted, 

CHRISTENSEN O^CONNOR 
JOHNSON KINDNESS^"^ 




Clint J. Feekes 
Registration No. 51,670 
Direct Dial No. 206.695.1633 

I hereby certify that this correspondence is being deposited with the U.S. Postal Service in a sealed 
envelope as first class mail with postage thereon fully prepaid and addressed to Mail Stop AF, Commissioner for 
Patents, P.O. Box 1450, Alexandria, VA 22313-1450, on the below date. //^ 

Date: July 14, 2005 ^y]dA^%^CW2^ 



CJF:mgp 
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MAIL STOP AF 
RESPONSE UNDER 37 C.F.R. § 1.116 
EXPEDITED PROCEDURE 
EXAMINING GROUP 2100 

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Applicant: B. Dharmarajan Attorney Docket No.: MSFT115431 

Application No.: 09/650,105 Group Art Unit: 2131 

Filed: August 29, 2000 Examiner: T.T. Arani 

Title: METHOD AND SYSTEM FOR AUTHORIZING A CLIENT COMPUTER 

TO ACCESS A SERVER COMPUTER 

RESPONSE AND REOUEST FOR RECONSIDERATION 

Seattle, Washington 98101 
July 14, 2005 

TO THE COMMISSIONER FOR PATENTS: 

INTRODUCTORY COMMENTS 
Applicant respectfully requests that the above-identified patent application be reexamined 
and reconsidered. Claims 1-21 are now pending in this appUcation. In a final Office Action 
dated February 15, 2005 (hereinafter the "Office Action"), Claims 1-5, 8-13, 17, 19, and 21 were 
rejected under 35U.S.C. § 103(a) as being unpatentable over U.S. Patent No. 6,263,432 to 
Sasmazel etal. (hereinafter "Sasmazel"), in view of U.S. Patent No. 5,721,777 to Blaze etal. 
(hereinafter "Blaze"), in view of U.S. Patent No. 6,101,486 to Roberts etal. (hereinafter 
"Roberts"), in further view of U.S. Patent No. 5,999,711 to Misra etal. (hereinafter "Misra"). 
Claims 6-7 were rejected under 35 U.S.C. § 103(a) as being impatentable over Sasmazel in view 
of Blaze, Roberts, and Misra, and in further view of U.S. Patent No. 6,005,853 to Wang et al. 
(hereinafter "Wang"). Claims 14-16, 18, and 20 were rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Sasmazel in view of Roberts, Blaze, and Misra, and in further view of U.S. 
Patent No. 5,481,539 to Hershey et al. (hereinafter "Hershey"). Prior to discussing in detail why 
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applicant believes that all of the claims in the application are allowable, a brief description of 
applicant's invention and the cited references is provided. 

The following discussions of the disclosed embodiments of applicant's invention and the 
teachings of the applied references are not provided to define the scope or interpretation of any 
of applicant's claims. Instead, such discussed differences are provided to help the U.S. Patent 
and Trademark Office (hereinafter "the Office") better appreciate important claim distinctions 
discussed thereafter. 

Summary of the Present Invention 

The present invention allows users of a client computer to access a second server-based 
application based on previously provided authorization to access a first server-based application. 
The access to the second server-based application is based on the previously provided access to a 
first server-based application that can securely authenticate a client computer without requiring a 
user to endure a lengthy log-in procedure. 

The invention is ideally suited for use with client computers capable of concurrently 
executing multiple client application programs, such as an instant messaging client application 
and a Web browser application. The client computer may make requests to server-based 
applications. If the client computer is authorized to access a first server-based application, an 
authorization ticket will be transmitted to the client computer. The authorization ticket is 
encrypted and includes a time stamp indicating the time at which the authentication ticket was 
created. Once the client computer has been provided authorization to access the first server- 
based application, a cUent application starts an elapsed time counter. 

In one implementation of the present invention, when a request is made by the client 
computer to access a second server-based apphcation, the client application communicating with 
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the first server-based application determines the session length based upon the elapsed time 
counter. The client application then concatenates the original authorization ticket, the session 
length, and a secret shared with the second server-based appUcation. A hash function is then 
applied to the concatenated data to create a unique hash value. The client stores the 
authorization ticket, the session length, and the hash value in a file that is accessible to a second 
client application executing on the client computer. The client also starts a persistence timer 
when the file is saved. The persistence timer is periodically checked to determine if a 
predetermined amount of time has elapsed. If the predetermined amount of time has elapsed, the 
file is deleted fi-om the client computer. 

The client computer then launches the second client application and causes a log-in 
request to be transmitted fi-om the second client application to the second server-based 
application. The request includes the file containing the authorization ticket, the session length, 
and the hash. The second client application then receives and displays results received from the 
second server-based application. When the second server-based application receives the log-in 
request, the authorization ticket is decrypted and the shared secret is obtained from a database. 
The second server-based application then compares the computed hash value to the hash value 
received from the second client application. If the two hash values are identical, the second 
server-based application authorizes the client computer. As a result, a user does not experience 
multiple log-in procedures when accessing multiple server-based applications that service 
different client-based applications. 

Summary of Sasmazel 

Sasmazel purportedly discloses a system for authentication of data communications over 
a network that maintains user authorization throughout a network session. More specifically, 

LAW OFFICES OF 
CHRISTENSEN O'CONNOR JOHNSON KINDNESS"^ 
1420 Fifth Avenue 
Suite 2800 
Seattle, Washington 98101 
-3- 206.682.8100 

MSFT\1543IAMI.DOC 



Sasmazel purportedly allows a distributed system to maintain user authorization regardless of 
which computer in the distributed system handles the user request. Two server computers are 
used to authenticate a user and maintain that authentication throughout a network session — ^for 
example, a Web site visit. The first server is the "authentication server," which performs actions 
necessary to authenticate a user. The second server is the "authorization server" that checks a 
user's authorization level. According to Sasmazel, the authentication server is the core of the 
system, serving to coordinate processes including receiving authentication information fi-om a 
user and generating an eticket. The authorization server uses the information in the eticket to 
check authorization functionality. 

Summary of Blaze 

Blaze purportedly discloses a system for cryptographic key management that includes a 
smartcard that stores information about predetermined conditions under which an escrow agent is 
able to decrypt data files. Also, the Blaze system includes a tracking mechanism that records 
every time the smartcard is used for decryption. More specifically, Blaze purportedly discloses a 
portable cryptographic module (i.e., smartcard) that is configured to store programmed 
instructions whose execution grants access to cleartext data files. The programmed instructions 
may impose limitations on either the scope of information that is accessible to an escrow agent or 
limitations on when data files can be retrieved in cleartext form. 

Summary of Roberts 

Roberts purportedly discloses a system for automatically collecting profile information 
when a customer accesses a company Web site. After the profile information is known, dynamic 
content is displayed to the customer based on the customer's profile, which includes customized 
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Web pages. The Roberts system for gathering customer profile data includes receiving user 
identification data and creating a customer profile. The customer profile is retrieved fi-om a 
profile database when a call fi-om the customer is received. Thereafter, the customer profile is 
compared to marketing material maintained by the company and a dynamic content message is 
generated for display on the customer computer. 

Summary of Misra 

Misra is purportedly directed to a system that has a facility to check authorization and 
authentication information in a distributed environment. The system includes a principal, such 
as a portable computer that holds a secure package which may be encrypted or may include a 
digital signature. Once the principal has been provided with the secure package, the principal 
may send a request to log in to the distributed system along with authorization and authentication 
information. The secure package is accessed to determine whether the principal is authorized to 
connect to the distributed system. Where the principal is not authorized to connect to the 
distributed system, the principal's request to log in is denied. In contrast, where the principal is 
authorized to connect to the distributed system, the principal's request to connect is granted. 

Summary of Wang 

Wang is purportedly directed to a chaimel access protocol for implementing a wireless 
data network. More specifically, Wang discloses a network protocol for a high channel 
utilization. The resulting network access scheme allows a transmitter to send messages to a 
cellular base station, simultaneously with other transmitters, without the need for retransmission, 
if the message reaches the receiver with sufficient strength. Multiple transmitters and receivers 
are distributed over a geographical area, sharing the same firequency channels. As a result, 
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multiple messages are able to capture multiple receivers simultaneously, thereby improving the 
channel utilization. A message received by a base station is forwarded, either by a wired link or 
wireless link, to a network control center for routing. The base stations are distributed over a 
service area in accordance with the expected density of the wireless terminals and the physical 
attributes of the terrain. 

Summary of Hershey 

Hershey is purportedly directed to a system for communicating between mobile 
telephone devices. More specifically, Hershey purportedly discloses a commimication protocol 
where a mobile unit creates a message packet that it desires to transmit to an intended receiver 
having a unique identification number, such as a mobile telephone number. The initiating 
mobile imit broadcasts the message packet in low power to local mobile imits in the reception 
area. Each mobile unit that receives the message without errors responds with an 
acknowledgement signal. Each mobile imit that receives the broadcast determines if the message 
packet is valid. The mobile units compare the mobile unit identification number of the valid 
message packets with its own internal identification number. If the identification numbers 
match, the message was successfiiUy transmitted to the intended mobile unit. 
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